Cloud Computing Not Ready For Prime Time?
I just read another in a never-ending series of articles that takes a polarized view of Cloud Computing and its readiness for critical applications and data.
In the ComputerWorld article titled "Cloud computing not ready for critical apps,", Craig Steadman and Patrick Thibodeau present some very telling quotes from CIO's of some large enterprises regarding their reticence toward utilizing "Cloud Computing" and it's readiness for their mission critical needs.
The reasons are actually quite compelling, and I speak to them (and more) in my latest Cloud Computing presentation which I am giving at Source Boston this week:
Reliability, availability and manageability are all potential show-stoppers for the CIO's in this article, but these are issues of economic and adoptive context that don't present the entire picture.
What do I mean?
At the New England Cloud Computing Users' Group, a Cloud-based startup called Pixily presented on their use of Amazon's AWS services. They painted an eye-opening business case which detailed the agility and tremendous cost savings that the "Cloud" offers. "The Cloud" provides them with reduced time-to-market, no up-front capital expenditures and allows them to focus on their core competencies.
All awesome stuff.
I asked them about how their use of AWS and what amounted to a sole-source service provider did to their disaster recovery, redundancy/resiliency and risk management processes. They had to admit that the day they went live with feature coverage on the front page of several newspapers also happened to be the day that Amazon suffered an 8 hour outage, and thus, so did they.
Now, for a startup, the benefits often outweigh the risks associated for downtime and vendor lock-in. For an established enterprise with cutthroat service levels, regulatory pressures and demanding customers who won't/can't tolerate outages, this is not the case.
Today we're suffering from issues surrounding the fact that emerging offerings in Cloud Computing are simply not mature if what you're looking for involves the holistic and cohesive management, reliability, resilience and transparency across suppliers of Cloud services.
We will get there as adoption increases and businesses start to lean on providers to create and adopt standards that answer the issues above, but today if you're an enterprise who needs five 9's, you may come to the same conclusion as the CIO's in the CW article. If you're an SME/SMB/Startup, you may find everything you need in the Cloud.
It's important, however, to keep a balanced, realistic and contextual perspective when addressing Cloud Computing and its readiness — and yours — for critical applications. Polarizing the discussion to one hyperbolic end or the other is not really helpful.
/Hoff
Categories: Cloud Computing, Cloud Security
Well said.
Two things are lost on those that say cloud computing is not ready for critical apps. The first is what you point out: How do they know? Have they looked at every offering out there, and judged them insufficient? Did they see that both Terramark and Mosso have done PCI-compliant clouds for customers? Sounds pretty critical to me.
The second is that the time it takes an enterprise to spin up, staff and execute on a plan as involved as moving a critical app to the cloud, the technology will have matured that much more. Granted, its irresponsible to throw big money at such a project if you don't have a destination cloud (or platform) identified, but most companies would be perfectly fine with pushing forward given a *credible* promise from their provider to meet their needs.
The biggest problem cloud computing has right now is not the ambiguity of the term, its the ridiculous desire of the press, analyst and (at times) customer communities to whitewash the market with a single description of capability, applicability and maturity.
James
<nod>
That single description of "capability, applicability and maturity" (and ultimately security/resilience) will contribute to the deflation of value of Cloud Computing and its various constructs.
You’ve made some great points about broad brush statements either for or against cloud computing in this piece. It’s no secret that companies of all sizes are looking for ways to do more with less, particularly given the current economic situation, and that cloud computing could make good business sense depending on the application, business process, size of company, level of complexity of compliance requirements, etc.
Interestingly enough, I recently sat down with my company’s VP of IT Compliance to talk about the issue of compliance in the cloud. He talked about the key challenge he sees with cloud computing – that you need to look under the hood to be sure you know what you’re getting, how it compares to what you already had, and whether it is sufficient for your compliance and auditing needs. For companies with very sophisticated IT controls, moving to the cloud may actually make you more vulnerable, but for one with somewhat limited compliance controls requirements, it could be a drastic (and important) improvement. If you’d like to hear more of his thoughts, check out a recap of our discussion here: http://blog.ca-grc.com/2009/03/expert-q-and-a-ca%…
As with any new technology or concept, there will be an initial phase of investigation where industry pundits try to draw a line in the sand about whether or not the new way makes sense for everyone. The truth is, we know that what makes the most sense for one may make little or no sense to another. I agree it’s important to look at cloud computing on a case by case basis to see if it’s right for you before jumping to conclusions either way.
With respect to applications moving from the Datacenter into The Cloud, I don't think this will happen until storage vendors make moving LUNs into The Cloud easy, transparent, and secure. At that point, your CX3/4 (or NetApp etc) becomes a cloud gateway and moving your application is theoretically as easy as doing a LUN mirror in storage behind the scenes. I'm not sure what that protocol would look like as far as latency, but it will probably have to deal with mirroring and load balancing that same data across multiple storage clouds for that time when Amazon goes down.